gcleaner | 9c4e690febdf0c40f8ea25ca7ea34153230e77807aa8b088028004becd44079a | Triage

Sharing

General

Target

9c4e690febdf0c40f8ea25ca7ea34153230e77807aa8b088028004becd44079a
Size

264KB
Sample

240622-kmtvkasbla
MD5

ac1b9dbf2cde29e1d6106b6016866617
SHA1

7cf864139dd0675db6fc14c0fb810650c4282f77
SHA256

9c4e690febdf0c40f8ea25ca7ea34153230e77807aa8b088028004becd44079a
SHA512

19e45af09b3b507c89a4a09cf8f35e87a400ca8357aed6b7301687def9b982f742d4ab69e61217dc8d494422f8bebab5236acc7a25cb0f314c3ad22c5b588e79
SSDEEP

3072:m3Uq9xqR0SHtsrltkgtRL2/GyyL66HyapV2rAVtlMr0XvivTk3VInF23MUV:pV0SHCPrcBKcEVHMkK70VUF23M

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

185.172.128.69

Attributes

url_path
/advdlc.php

Targets

- Target
  
  9c4e690febdf0c40f8ea25ca7ea34153230e77807aa8b088028004becd44079a
- Size
  
  264KB
- MD5
  
  ac1b9dbf2cde29e1d6106b6016866617
- SHA1
  
  7cf864139dd0675db6fc14c0fb810650c4282f77
- SHA256
  
  9c4e690febdf0c40f8ea25ca7ea34153230e77807aa8b088028004becd44079a
- SHA512
  
  19e45af09b3b507c89a4a09cf8f35e87a400ca8357aed6b7301687def9b982f742d4ab69e61217dc8d494422f8bebab5236acc7a25cb0f314c3ad22c5b588e79
- SSDEEP
  
  3072:m3Uq9xqR0SHtsrltkgtRL2/GyyL66HyapV2rAVtlMr0XvivTk3VInF23MUV:pV0SHCPrcBKcEVHMkK70VUF23M
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2